Preventing Undesirable Content with Cloud Web Security

Updated on

To perform this part of the demo, you need:

  • Any Dropbox account. Your own Dropbox account will work on the demo device.
  • To view security SASE policies, reference SD-WAN Orchestrator.

Cloud Web Security Custom Tunnel Policy

In SD-WAN Orchestrator, go  to Cloud Web Security > Configure > Security Policies > Tunnel-Policy.

Block Dropbox Operations Policy

Drill into Tunnel-Policy. Go to CASB

A custom security policy Block Dropbox Operations is configured. You can view the policy with read-only access.

Device Demo: Blocked Action

On the device, using Chrome, load Dropbox.com.

Attempt to CREATE a document. Create > Document > Word Document

Request Blocked

The CREATE action is blocked by the Dropbox-specific Cloud Web Security policy.

View Web Logs

Next, we'll view the logged "block" action. In SD-WAN Orchestrator be sure you're still viewing Cloud Web Security.

Filtering Web Logs

In Monitor > Web Logs, filter by the following:

  • Change the view to past 60 minutes.
  • Filter the list to "Action is Block".  

Filtered Web Logs

You should see your blocked action for Dropbox.  

Cloud Web Security Integration with Workspace ONE Access

In TestDrive, Workspace ONE Access integration for name resolution is disabled for security reasons. This page is provide for your information.

Instead of unknown or anonymous users listed in Web Logs, Cloud Web Security can be integrated with Workspace ONE Access and other third-party IdPs for authentication and username resolution (as pictured).

Next, we'll inspect the network traffic on the WAN.

Previous Article VPN with WS1 Tunnel
Next Article Securing & Optimizing Network Traffic with VMware SD-WAN Orchestrator